CVE-2003-0791

Опубликовано: 07 окт. 2003

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

Ссылки

http://secunia.com/advisories/11103/
URL Repurposed
http://www.mandriva.com/security/advisories?name=MDKSA-2004:021
Broken Link
http://www.osvdb.org/8390
Broken Link
Patch
Vendor Advisory
http://www.securityfocus.com/advisories/6979
Broken Link
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.securityfocus.com/bid/9322
Broken Link
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=221526
Issue Tracking
Patch
Vendor Advisory
http://secunia.com/advisories/11103/
URL Repurposed
http://www.mandriva.com/security/advisories?name=MDKSA-2004:021
Broken Link
http://www.osvdb.org/8390
Broken Link
Patch
Vendor Advisory
http://www.securityfocus.com/advisories/6979
Broken Link
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.securityfocus.com/bid/9322
Broken Link
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=221526
Issue Tracking
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*

Версия до 1.4 (включая)

Конфигурация 2

cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01149

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

CVE-2003-0791

CVSS3: 9.8

debian

почти 22 года назад

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earl ...

GHSA-8cc8-674c-8354

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 78%

0.01149

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502